You are viewing limited content. For full access, please sign in.

Question

Question

Approval by Active Directory Group

Forms
Updated January 21, 2015
asked on May 19, 2014

I have a customer requesting a complex approval process that spans 30+ departments and 90+ people. As these people change frequently and to minimize the number of paths, I am hoping to set up approval via AD groups instead of users.  Is it possible to assign an approval process to an AD group and thus any member of that AD group would then be able to connect in and approve/reject the forms?  If not, is it possible to have a sql table contain these users/groups, run a lookup into the SQL table and then assign the approvers at run-time?  Any suggestions on how to make this dynamic is appreciated.

0 0

Answer

SELECTED ANSWER
replied on May 19, 2014

Currently, doing something similar to what you have created is the only way to do this. See this feature request here and mark it up if you think it would be a useful feature.

0 0
replied on May 19, 2014

Thanks, I dug through LF Answers trying to find a similar post but since it does not let you filter your search by anything more than post tags, it makes it tough to find among 100+ returned results.  But I guess complaining about Laserfiche Answers is a completely different post. This was exactly what I was looking for just not the answer I wanted.  Hopefully Forms 9.2 will make these processes more dynamic for large organizations.  I appreciate pointing me in the right direction.

0 0
replied on May 19, 2014

Along these lines, how would I go about assigning multiple people.  I can obviously do it if I create multiple hidden fields and have a stored procedure update each of these fields with the different users but once again this isn't dynamic.  Is there a way to assign multiple accounts to one field, via the Lookup Rules, and then use that single field to assign all of those people to the approval?

0 0

Replies

replied on May 19, 2014

I have found how to do it via a SQL table.  I created a SQL table that has a column for approver account (their AD account) and the approver department (the department they can approve for.  I then set a dropdown for the department and a second for the approver ID.  Then I created a lookup rule that populates the approver id based on the department chosen.  Finally, I set the approval task to use the value of that approver id field.  Additonally, I have the approver ID field set read-only via Javascript to ensure it is not changed by the user.  This works so long as this database is properly maintained.  It would still be so much simpler to be able to assign a task to an AD group.  I would love to hear if someone has found a way to it by AD group or an easier method than I am using.

0 0
replied on January 5, 2015

I have tried something similar here, where I've populated all of the users, and their managers, in a separate table (from Active Directory).  I've tried setting a form up so an employee's manager would be notified if a specific request was submitted.  Although I have the manager name coming up in the proper format (i.e. domain\username), the Event Viewer is showing, "The Email address of the specified user could not be found", as well as, "The value of variable "Laserfiche.Forms.Api.DataContract.RoutingParticipant" is not set".  Although I could provide the Email address as a hidden field (for notification purposes), I know this won't create a variable as the Event Viewer mentions.

Has anyone found a way around this to have notifications happen for someone that isn't the actual task participant?

0 0
replied on January 6, 2015

I have it working fine doing that with both participant licenses (synced via LDAP) and with users with full licenses synced via License Manager (LM) Active Directory synchronization.  

  • For the participant licenses synced via LDAP we had to use their email address, ensuring it is the main address and not an alias.  (e.g. JSmith@test.com)
  • For full licenses synced via LM sync we used the full AD account including domain(e.g. test\jsmith)

Both of these are working properly at multiple customers when we want to have a SQL table populate Form fields that are then used for tasks or notifications.

0 0
replied on January 9, 2015

Hmm...I had tried taking the exported data from Active Directory to create the full AD account (exactly like you had specified, Domain\Username), however despite having this value being referenced as the participant, it was expecting an Email address as well.  I'm currently exporting everything to Excel, then import this into SQL Server, did you do something similar, or are you referencing the AD data directly?


(Sorry for all the silly questions, querying AD is something slightly foreign to me.)

0 0
replied on January 21, 2015

So we have two fields on our form: ApproverA & ApproverB.  We then have a SQL table with the following columns: pkidSubmitter, ApproverA, & ApproverB.  When a person starts a form we capture their UserID (domain\user) in a hidden field and use a lookup rule against the SQL table.  Thus where the field UserID=Submitter from the SQL table, we fill in the hidden fields ApproverA & ApproverB with their corresponding fields in the database.  As these approvers have full Laserfiche licenses and we are authenticating directly through AD in Laserfiche (not a Laserfiche user associated with an AD account) the values we put in the SQL table for ApproverA and ApproverB is also domain\user.

Exceptions to this are if you are using LDAP users for your Laserfiche or participant licenses or if you are using Laserfiche accounts that are associated with an AD account.  For the LDAP accounts you would use their primary email address and with Laserfiche accounts you would use their Laserfiche account.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...